Avast! file ngiodriver running during definition updates.

[REDACTED]

I find it suspicious because it installs newly randomly generated services on every manual or automatic update

No, it doesn't.
It is the same service every time.
The name of the file is just changing to prevent malware from detecting/blocking/infecting it.

This is true. I mean that the service name changes every time to randomly generated 7 lower-case letters like...

Service Name:  pbgnhwjz
Service Name:  nldzifwh

But the file name is always C:/Windows/system 32/drivers/ngiodriver_64

This is also strange since I see no file in system 32 called this... ngiodriver_64 is in C:/Program Files/AVAST Software/setup folder.

Is it doing this because a virus/malware is trying to stop Avast! from updating? Or is this just something that it naturally does? Cause I could have swore it never used to do this before... I've done virus/malware scans though and found nothing. :/

[Dwarden]

update to beta and get rid of NG

[Eddy]

*SIGH*

Accept the fact that there is nothing wrong.
Nothing is attacking avast on your system.
Stop running around in circles.

[REDACTED]

*SIGH*

Accept the fact that there is nothing wrong.
Nothing is attacking avast on your system.
Stop running around in circles.

Alright... but can you at least explain why you think nothing is wrong and that everything I mentioned in this thread seems normal to you? If I can fully understand the situation then I won't post here again.

Please?

[Eddy]

We already told you.

[REDACTED]

We already told you.

You all did, yes. But didn't really give an explanation as to why this is happening... if this were a common thing... everything one else's systems would be doing the same as well. And the fact that no-one here has chipped in with this conversation probably means this ngiodriver_64 thing is only happening to me... which is worrying.

Unless someone else can say they also have the same behaviour and that the behaviour is normal.

I know you are probably getting annoyed at me, but you have to understand I have certain problems and unless I can be completely convinced that something isn't wrong I will continue to worry... I'm sorry... it's just the way I am.

[REDACTED]

I'm starting to get very worried. I disabled the use of Deepscreen in Avast! and tried to manually update again and this ngiodriver problem still occurs. I thought that Deepscreen is what was possibly causing this since it's directly related to NG?

I notice as well that the 2 instances of instup.exe that are running... the first initial one is the one that usually runs on any scheduled check for updates... but this .exe shuts down very shortly after it starts and another is started in it's place. Does this mean that the first installer is crashing?

The reason I'm concerned is because I think this may have more to do with my current installation of Windows 7... it's been acting very strange the past week or more... svchost processes that ran almost instantly on startup are now taking much longer to start... I assume Avast! relies heavily on particular windows files to update itself... anyone have any idea which files in Win 7 Avast! relies on to update it's definitions on the system? Does it rely on svchost.exe (netsvcs)?

[REDACTED]

I noticed a couple more things in the Update Logs so I thought I'd post them here so that a tech-savvy person can look over them to see if everything is normal.

This is the log of the first instup.exe that appears upon a search for an update (whether it be manual or a successful update via automatic)

[2016-06-08 19:47:52] [info   ] [instcont       ] [ 4252: 4992] 2016/06/08 19:47:52 START: Avast installer/updater
[2016-06-08 19:47:52] [info   ] [instup       ] [ 4252: 4992] Command: '"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:update_vps /session_id:6'


What is this instup.exe /instop:update?


[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Running module version: instup.exe - '11.2.2738.0'
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Running module version: Instup.dll - '11.2.2738.0'
[2016-06-08 19:47:52] [info   ] [simutex        ] [ 4252: 4992] Checking for the mutex ownership.
[2016-06-08 19:47:52] [info   ] [simutex        ] [ 4252: 4992] The mutex is signaled. We are owners of the mutex.
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Loading product state
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Guid = 07cd9ca6-4558-4625-abb0-c6fb948d546e, Created = 13:11:03 07.06.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Persistent Guid = 1f4fcb05-35c0-45a6-bc4f-dee1e07c0a70, Created = 13:11:03 07.06.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] ProductId = ais
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Edition = 1
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Installed Part info:
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'iex' = 'iex', 6 (0x00000006), 16:21:04 08.06.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'jrog2' = 'jrog2', 4351 (0x000010FF), 16:21:05 08.06.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'program' = 'prg_ais', 184682710 (0x0B0208D6), 12:22:11 27.04.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'setup' = 'setup_ais', 184682710 (0x0B0208D6), 12:22:12 27.04.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'vps' = 'vps_win32', 369494017 (0x16060801), 16:21:07 08.06.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Latest Part info:
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'iex' = 'iex', 6 (0x00000006), 16:21:04 08.06.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'jrog2' = 'jrog2', 4351 (0x000010FF), 16:21:05 08.06.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'program' = 'prg_ais', 184682710 (0x0B0208D6), 12:22:11 27.04.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'setup' = 'setup_ais', 184682710 (0x0B0208D6), 12:22:12 27.04.2016
[2016-06-08 19:47:52] [info   ] [instup         ] [ 4252: 4992] Part 'vps' = 'vps_win32', 369494017 (0x16060801), 16:21:07 08.06.2016
[2016-06-08 19:47:52] [info   ] [partinfo       ] [ 4252: 4992] SetInstalled: Part package part-iex-6.vpx is installed.
[2016-06-08 19:47:52] [info   ] [partinfo       ] [ 4252: 4992] SetInstalled: Part package part-jrog2-10ff.vpx is installed.
[2016-06-08 19:47:52] [info   ] [partinfo       ] [ 4252: 4992] SetInstalled: Part package part-prg_ais-b0208d6.vpx is installed.
[2016-06-08 19:47:52] [info   ] [partinfo       ] [ 4252: 4992] SetInstalled: Part package part-setup_ais-b0208d6.vpx is installed.
[2016-06-08 19:47:52] [info   ] [partinfo       ] [ 4252: 4992] SetInstalled: Part package part-vps_win32-16060801.vpx is installed.
[2016-06-08 19:47:52] [info   ] [instupcore     ] [ 4252: 4992] PkgLoadProductInfo: product GPB was successfully loaded.
[2016-06-08 19:47:52] [info   ] [instupcore     ] [ 4252: 4992] Product update has started.
[2016-06-08 19:47:52] [info   ] [servers        ] [ 4252: 4992] Server definition(s) loaded for 'C:\Program Files\AVAST Software\Avast\setup\servers.def': 29 (maintenance:0)
[2016-06-08 19:47:52] [info   ] [servers        ] [ 4252: 4992] ChooseServer: selected server 'Download b9871595 AVAST9 Server' with current url 'http://b9871595.iavs9x.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
[2016-06-08 19:47:52] [info   ] [dldwrap        ] [ 4252: 4992] HttpGet: 'servers.def.vpx' was successfully downloaded (ip: 104.86.110.121, size: 2576 bytes).
[2016-06-08 19:47:52] [info   ] [dldwrap        ] [ 4252: 4992] HttpGet: 'servers.def.vpx' was successfully verified.
[2016-06-08 19:47:52] [info   ] [servers        ] [ 4252: 4992] ChooseServer: selected server 'Download l5010949 AVAST9 Server' with current url 'http://l5010949.iavs9x.u.avast.com/iavs9x' of type 'URL_TYPE_DOWNLOAD_PROGRAM'.
[2016-06-08 19:47:52] [info   ] [dldwrap        ] [ 4252: 4992] HttpGet: 'prod-pgm.vpx' was successfully downloaded (ip: 104.86.110.121, size: 445 bytes).
[2016-06-08 19:47:52] [info   ] [dldwrap        ] [ 4252: 4992] HttpGet: 'prod-pgm.vpx' was successfully verified.
[2016-06-08 19:47:52] [info   ] [pkgproduct     ] [ 4252: 4992] LoadPartInfo: program = prg_ais-b0208d6 returned 0x00000000
[2016-06-08 19:47:52] [info   ] [pkgproduct     ] [ 4252: 4992] LoadPartInfo: setup = setup_ais-b0208d6 returned 0x00000000
[2016-06-08 19:47:52] [info   ] [pkgproduct     ] [ 4252: 4992] LoadUatInfo: uat.vpx returned 0x00000000
[2016-06-08 19:47:52] [info   ] [pkgengine      ] [ 4252: 4992] LoadLatestProdAndParts: product file 'prod-pgm.vpx' was successfully loaded.
[2016-06-08 19:47:52] [info   ] [pkguat         ] [ 4252: 4992] UpdateLatestPartInfo: called, repo_id: 'iavs9x', part_id: program, installed_ver: b0208d6, latest_ver: b0208d6
[2016-06-08 19:47:52] [info   ] [pkguat         ] [ 4252: 4992] UpdateLatestPartInfo: called, repo_id: 'iavs9x', part_id: setup, installed_ver: b0208d6, latest_ver: b0208d6
[2016-06-08 19:47:52] [info   ] [servers        ] [ 4252: 4992] ChooseServer: selected server 'Download g4628919 AVAST9 Server' with current url 'http://g4628919.ivps9x.u.avast.com/ivps9x' of type 'URL_TYPE_DOWNLOAD_VPS'.
[2016-06-08 19:47:52] [info   ] [dldwrap        ] [ 4252: 4992] HttpGet: 'prod-vps.vpx' was successfully downloaded (ip: 104.86.110.121, size: 456 bytes).
[2016-06-08 19:47:52] [info   ] [dldwrap        ] [ 4252: 4992] HttpGet: 'prod-vps.vpx' was successfully verified.
[2016-06-08 19:47:52] [info   ] [pkgproduct     ] [ 4252: 4992] LoadPartInfo: iex = iex-6 returned 0x00000000
[2016-06-08 19:47:52] [info   ] [pkgproduct     ] [ 4252: 4992] LoadPartInfo: jrog2 = jrog2-10ff returned 0x00000000
[2016-06-08 19:47:52] [info   ] [pkgproduct     ] [ 4252: 4992] LoadPartInfo: vps = vps_win32-16060801 returned 0x00000000
[2016-06-08 19:47:52] [info   ] [pkgengine      ] [ 4252: 4992] LoadLatestProdAndParts: product file 'prod-vps.vpx' was successfully loaded.
[2016-06-08 19:47:52] [info   ] [pkgengine      ] [ 4252: 4992] LoadLatestProdAndParts: part file part-iex-6.vpx was successfully loaded.
[2016-06-08 19:47:52] [info   ] [pkgengine      ] [ 4252: 4992] LoadLatestProdAndParts: part file part-jrog2-10ff.vpx was successfully loaded.
[2016-06-08 19:47:52] [info   ] [pkgengine      ] [ 4252: 4992] LoadLatestProdAndParts: part file part-vps_win32-16060801.vpx was successfully loaded.
[2016-06-08 19:47:52] [notice ] [instupcore     ] [ 4252: 4992] There isn't newer VPS version.
[2016-06-08 19:47:52] [info   ] [submit         ] [ 4252: 4992] Nothing to be sent.
[2016-06-08 19:47:52] [info   ] [stats          ] [ 4252: 4992] Downloaded files: 3 (3.40 KB)
[2016-06-08 19:47:52] [info   ] [stats          ] [ 4252: 4992] Download time: 1 s
[2016-06-08 19:47:53] [info   ] [servers        ] [ 4252: 4992] Server definition(s) loaded for 'C:\Program Files\AVAST Software\Avast\setup\servers.def': 29 (maintenance:0)
[2016-06-08 19:47:53] [info   ] [servers        ] [ 4252: 4992] ChooseServer: selected server 'Download y7549610 AVAST9 Server' with current url 'http://v7.stats.avast.com/cgi-bin/iavs4stats.cgi' of type 'URL_TYPE_STATS2'.
[2016-06-08 19:47:53] [info   ] [instup         ] [ 4252: 4992] Saving product state.
[2016-06-08 19:47:53] [info   ] [instup         ] [ 4252: 4992] Persistent Guid = 1f4fcb05-35c0-45a6-bc4f-dee1e07c0a70, Created = 13:11:03 07.06.2016
[2016-06-08 19:47:53] [info   ] [simutex        ] [ 4252: 4992] Checking for the mutex ownership.
[2016-06-08 19:47:53] [info   ] [simutex        ] [ 4252: 4992] The mutex is signaled. We are owners of the mutex.
[2016-06-08 19:47:53] [info   ] [dldwrap        ] [ 4252: 4720] HttpPost: ok with http status: 204
[2016-06-08 19:47:53] [info   ] [stats          ] [ 4252: 4720] Statistics sent successfully.
[2016-06-08 19:47:53] [info   ] [instcont       ] [ 4252: 4992] 2016/06/08 19:47:53 END: Avast installer/updater, return code 40965 (0x0000A005) [No update available]


I've looked at this log in detail and from what I can see of it, there doesn't appear to be any crash or interference of it searching for an update. As it ended with a valid return code... plus if it had crashed wouldn't it have said so here?

Straight after the original instup.exe terminates another starts in it's place and the next log begins there:


[2016-06-08 19:47:53] [info   ] [instcont       ] [ 4252: 4992] --
[2016-06-08 19:47:53] [info   ] [instcont       ] [ 4536: 3036] --
[2016-06-08 19:47:53] [info   ] [instcont       ] [ 4536: 3036] 2016/06/08 19:47:53 START: Avast installer/updater
[2016-06-08 19:47:53] [info   ] [instup         ] [ 4536: 3036] Command: '"C:\Program Files\AVAST Software\Avast\setup\instup.exe" /instop:change'


WHAT DOES THIS MEAN? IT HAS A COMPLETELY DIFFERENT VALUE THAN THE FIRST .EXE TO RUN... /INSTOP:CHANGE?


This part of the log is where things start to get a bit weird for me, it starts referring to NG and according to this log... NG isn't even active because its stating it with a value of 0... which I assume means it is not active... so why is it running?


[2016-06-08 19:47:53] [info   ] [instupcore     ] [ 4536: 3036] PkgLoadProductInfo: product GPB was successfully loaded.
[2016-06-08 19:47:53] [info   ] [instupcore     ] [ 4536: 3036] Product pre-change has started.
[2016-06-08 19:47:53] [info   ] [productcond    ] [ 4536: 3036] IsNgSupported: IsAswVmmVirtualizationActive returned 0 (0x00000000) [The operation completed successfully.] and false
[2016-06-08 19:47:53] [info   ] [system         ] [ 4536: 3036] ServiceInstall: Service kgpkfhej successfully installed.
[2016-06-08 19:47:53] [info   ] [system         ] [ 4536: 3036] ServiceStart: Starting the service 'kgpkfhej'.
[2016-06-08 19:47:53] [info   ] [system         ] [ 4536: 3036] ServiceStart: The service 'kgpkfhej' started successfully.
[2016-06-08 19:47:53] [info   ] [productcond    ] [ 4536: 3036] IsNgSupported: CPU type Intel
[2016-06-08 19:47:53] [info   ] [productcond    ] [ 4536: 3036] IsNgSupported: virtualization technology is probably disabled in BIOS
[2016-06-08 19:47:53] [info   ] [system         ] [ 4536: 3036] ServiceStop: The service 'kgpkfhej' stopped successfully.
[2016-06-08 19:47:53] [info   ] [system         ] [ 4536: 3036] ServiceUninstall: Attempting to uninstall the service 'kgpkfhej'.
[2016-06-08 19:47:53] [info   ] [system         ] [ 4536: 3036] ServiceUninstall: The service 'kgpkfhej' successfully uninstalled.
[2016-06-08 19:47:53] [info   ] [productcond    ] [ 4536: 3036] IsNgSupported: IsAswVmmVirtualizationActive returned 0 (0x00000000) [The operation completed successfully.] and false
[2016-06-08 19:47:54] [info   ] [system         ] [ 4536: 3036] ServiceInstall: Service agaeoqmu successfully installed.
[2016-06-08 19:47:54] [info   ] [system         ] [ 4536: 3036] ServiceStart: Starting the service 'agaeoqmu'.
[2016-06-08 19:47:54] [info   ] [system         ] [ 4536: 3036] ServiceStart: The service 'agaeoqmu' started successfully.
[2016-06-08 19:47:54] [info   ] [productcond    ] [ 4536: 3036] IsNgSupported: CPU type Intel
[2016-06-08 19:47:54] [info   ] [productcond    ] [ 4536: 3036] IsNgSupported: virtualization technology is probably disabled in BIOS
[2016-06-08 19:47:54] [info   ] [system         ] [ 4536: 3036] ServiceStop: The service 'agaeoqmu' stopped successfully.
[2016-06-08 19:47:54] [info   ] [system         ] [ 4536: 3036] ServiceUninstall: Attempting to uninstall the service 'agaeoqmu'.
[2016-06-08 19:47:54] [info   ] [system         ] [ 4536: 3036] ServiceUninstall: The service 'agaeoqmu' successfully uninstalled.


Also... what is this part below? It's also referring to products I refused to install upon the installation of the antivirus... I refused all but the basic shield protection.


[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_ara' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_bpc' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_gadget' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_grimefighter' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_hds' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_pwdman' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_pwdman_chrome' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_pwdman_ff' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_pwdman_ie' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_pwdman_ie_x64' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_rescuedisk' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_secdns_hlp' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_secureline' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_secureline_x64' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_sfzone' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_sfzone_x64' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_swhealth' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_webrep' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_webrep_chrome' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_webrep_ff' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_webrep_ie' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_cmp_webrep_x64' has been added to the auto-deployment blacklist
[2016-06-08 19:47:54] [info   ] [instup         ] [ 4536: 3036] The group 'ais_dll_egb_bpc' has been added to the auto-deployment blacklist

[2016-06-08 19:47:56] [info   ] [simutex        ] [ 4536: 3036] Checking for the mutex ownership.
[2016-06-08 19:47:56] [info   ] [simutex        ] [ 4536: 3036] The mutex is signaled. We are owners of the mutex.
[2016-06-08 19:47:56] [info   ] [instcont       ] [ 4536: 3036] 2016/06/08 19:47:56 END: Avast installer/updater, return code 0 (0x00000000) [The operation completed successfully.]
[2016-06-08 19:47:56] [info   ] [instcont       ] [ 4536: 3036] --


Sorry for the huge logs... but I just want this sorted for good so I don't have to post here and be annoying anymore. Can someone look these over?

[Eddy]

If you don't do it already, go see a therapist.
We can only help you with computer (related) problems.
We (and others) can tell you hundreds of times the same thing, but if you can't handle it there is nothing we can do for you.

I wish you all the best and hope you get it sorted out.

[REDACTED]

If you don't do it already, go see a therapist.
We can only help you with computer (related) problems.
We (and others) can tell you hundreds of times the same thing, but if you can't handle it there is nothing we can do for you.

I wish you all the best and hope you get it sorted out.

Wow, how rude... seriously...

It took me ages to get that log together and edit it so that people can see the main parts I'm concerned about and no-ones even gonna have a look at it?

Once someone tells me that log looks normal (including the parts I highlighted) then I won't post any more. That's all I'm asking for... my personal problems should have nothing to do with it. 

[Eddy]

Yes your personal problems do have to do with it, as you have said so yourself.
Advising someone to seek help and wishing him all the best is not rude at all.

We have told you many times that there is nothing wrong with avast on your system.
You can ask it hundreds of times more, but it will not change our answers.

[REDACTED]

Yes your personal problems do have to do with it, as you have said so yourself.
Advising someone to seek help and wishing him all the best is not rude at all.

We have told you many times that there is nothing wrong with avast on your system.
You can ask it hundreds of times more, but it will not change our answers.

Look man... I do have some problems... yes. But all I want is just a bit of confirmation... but you aren't even willing to indulge me... I said that if this log could be looked over and examined and if it turns out to look normal... fine. I will go on my merry way and won't have to worry anymore, it's good for everyone, including me...

And you say... "it doesn't matter how many times we tell you etc" I said I would be okay once it's done, I don't go against my word... so can some people just have a detailed look at it, please?

[davexnet]

Are you sure about those file names?  Drivers usually end with .sys

I see some files such as  \program files\avast software\avast\setup such as
ngiodriver_x64_ais-8c5.vpx     and
ngiodriver_x86_ais-8c5.vpx   (I am running 32 bit XP Pro)

But no ng* components/driver are loaded in the system.

The behavior you see maybe a little odd (nothing unusual for avast TBH) but it is definitely not malicious.
In avast settings/troubleshooting/update - do you have update program set to manual? Automatic?

[Eddy]

.vpx = Avast Update File

Data file used by avast
May contain virus definitions and software update information.
Used for keeping the software up-to-date with the latest protection signatures.

[REDACTED]

Are you sure about those file names?  Drivers usually end with .sys

I see some files such as  \program files\avast software\avast\setup such as
ngiodriver_x64_ais-8c5.vpx     and
ngiodriver_x86_ais-8c5.vpx   (I am running 32 bit XP Pro)

But no ng* components/driver are loaded in the system.

The behavior you see maybe a little odd (nothing unusual for avast TBH) but it is definitely not malicious.
In avast settings/troubleshooting/update - do you have update program set to manual? Automatic?

Automatic Update and Streaming Updates is also enabled.

And yeah, I have those exact same .vpx ngiodriver files in my setup folder. (but slightly different at the end... 8d6 instead of 8c5) These are the files that run every time my Avast Definitions update... as you see in the logs it constantly keeps creating randomly generated named services then immediately eliminating them... not sure why tbh.

Whether or not Avast! should be doing this is something I don't know... because previously this never happened when Avast! updated... this is why I've been asking for other peoples opinions or whether it is happening to them too.